<?php
/* FILE: process_mod_user_data.php
 * DESCRIPTION: Process called when a user's data is modified via Your Account link in index_secure.php
 * POST DATA: user_email, new_pass, confirm_pass, user_question, user_answer
 * GET DATA: N/A
 */ 
session_start();

include('config.inc');
include('includes/functions.php');

$newEmail = (string)$_POST['user_email'];
$newPass =  (string)$_POST['new_pass'];
$confirmPass = (string)$_POST['confirm_pass'];
$newQuestion = (string)$_POST['user_question'];
$newAnswer = (string)$_POST['user_answer'];
//Check for 1+ errors
$errorString = '?';

//Check to make sure email is not already in use
$emailCheck = "SELECT * FROM user WHERE (user_email = '" . mysql_real_escape_string($newEmail) . "');";
if(!$emailCheckResult = mysql_query($emailCheck))
{
	die($emailCheck);
}
//Need this info...
$emailQuery =
	"SELECT user_email FROM user WHERE user_name = '"
	. mysql_real_escape_string($_SESSION['user_name'])
	. "';";
if(!$queryResult = mysql_query($emailQuery))
	die($emailQuery);
$oldEmail = mysql_fetch_array($queryResult);

//Check to see if email address is valid, if not, throw error
if(!validateEmailAddress($newEmail))
	$errorString = $errorString . 'emErr=1&';
	
if(mysql_num_rows($emailCheckResult) > 0 && $oldEmail[0] != $newEmail)
	$errorString = $errorString . 'emErr=2&';
	
//Check to see if passwords match, if not, throw error
if($newPass != $confirmPass)
	$errorString = $errorString . 'pwErr=1&';

//Check for blank question
if($newQuestion == "")
	$errorString = $errorString . 'sqErr=1&';

//Check for blank answer
if($newAnswer == "")
	$errorString = $errorString . 'saErr=1&';

//No errors
if($errorString == '?')
{
	//UPDATE EMAIL
	//Check if old and new emails are identical, if not, update in user table
	if($oldEmail[0] != $newEmail)
	{
		$updateQuery = 
			"UPDATE user SET user_email = '"
			. mysql_real_escape_string($newEmail)
			. "' WHERE user_name = '"
			. mysql_real_escape_string($_SESSION['user_name'])
			. "' AND user_email = '"
			. mysql_real_escape_string($oldEmail[0])
			. "';";
		if(!$updateQueryResult = mysql_query($updateQuery))
			die($updateQuery);
	}
	//Okay if new password field is empty - just means user is not changing password at this time
	if($newPass != "")
	{
		//UPDATE PASSWORD
		$passwordQuery = 
			"SELECT user_pass FROM user WHERE user_name = '"
			. mysql_real_escape_string($_SESSION['user_name'])
			. "';";
		if(!$passResult = mysql_query($passwordQuery))
			die($passwordQuery);
		$oldPass = mysql_fetch_array($passResult);
		//Check to see if old and new passwords are identical, if not, update user table
		if(md5($newPass) != $oldPass[0])
		{
			$updateQuery = 
				"UPDATE user SET user_pass = '"
				. mysql_real_escape_string(md5($newPass))
				. "' WHERE user_name = '"
				. mysql_real_escape_string($_SESSION['user_name'])
				. "' AND user_pass = '"
				. mysql_real_escape_string($oldPass[0])
				. "';";
			if(!$updateQueryResult = mysql_query($updateQuery))
				die($updateQuery);
		}
	}
	
	//UPDATE SECURITY QUESTION
	$questionQuery =
		"SELECT user_security_question FROM user WHERE user_name = '"
		. mysql_real_escape_string($_SESSION['user_name'])
		. "';";
	if(!$queryResult = mysql_query($questionQuery))
		die($questionQuery);
	$oldQuestion = mysql_fetch_array($queryResult);
	//Check if old and new questions are identical, if not, update in user table
	if($oldQuestion[0] != $newQuestion)
	{
		$updateQuery = 
			"UPDATE user SET user_security_question = '"
			. mysql_real_escape_string($newQuestion)
			. "' WHERE user_name = '"
			. mysql_real_escape_string($_SESSION['user_name'])
			. "' AND user_security_question = '"
			. mysql_real_escape_string($oldQuestion[0])
			. "';";
		if(!$updateQueryResult = mysql_query($updateQuery))
			die($updateQuery);
	}
	
	//UPDATE SECURITY ANSWER
	$answerQuery =
		"SELECT user_security_answer FROM user WHERE user_name = '"
		. mysql_real_escape_string($_SESSION['user_name'])
		. "';";
	if(!$queryResult = mysql_query($answerQuery))
		die($answerQuery);
	$oldAnswer = mysql_fetch_array($queryResult);
	//Check if old and new answers are identical, if not, update in user table
	if($oldAnswer[0] != $newAnswer)
	{
		$updateQuery = 
			"UPDATE user SET user_security_answer = '"
			. mysql_real_escape_string($newAnswer)
			. "' WHERE user_name = '"
			. mysql_real_escape_string($_SESSION['user_name'])
			. "' AND user_security_answer = '"
			. mysql_real_escape_string($oldAnswer[0])
			. "';";
		if(!$updateQueryResult = mysql_query($updateQuery))
			die($updateQuery);
	}
	//Jump back to collections list
	header('Location: index_secure.php');
}
//Something went wrong
else
{
	header('Location: mod_user_data.php' . $errorString);
}
?>